From 1c85e4884835311bfed99aae45b7b55a9d780178 Mon Sep 17 00:00:00 2001
From: WizardHowl
Date: Thu, 13 Jul 2023 01:56:55 +0000
Subject: [PATCH] Fix CVE-2023-25399
Reference: https://github.com/scipy/scipy/pull/16397/commits/9b6521198c4f31d3f9cb525e581bea8e3e77f0a2
Signed-off-by: WizardHowl
---
 ...-refcounting-issue-in-Py_FindObjects.patch | 44 +++++++++++++++++++
 ...all-refcount-issue-in-ndimage._ctest.patch | 31 +++++++++++++
 scipy.spec | 8 +++-
 3 files changed, 82 insertions(+), 1 deletion(-)
 create mode 100644 backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch
 create mode 100644 backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch
diff --git a/backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch b/backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch
new file mode 100644
index 0000000..2cf335a
--- /dev/null
+++ b/backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch
@@ -0,0 +1,44 @@
+From 9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 Mon Sep 17 00:00:00 2001
+From: Ralf Gommers
+Date: Mon, 13 Jun 2022 20:12:00 +0200
+Subject: [PATCH] BUG: fix a minor refcounting issue in `Py_FindObjects`
+
+Closes gh-16235
+
+Note: also change `Py_XDECREF`s for start/end variables to `Py_DECREF`,
+because it's already checked higher up that those variables are not
+NULL.
+
+Reference: https://github.com/scipy/scipy/pull/16397/commits/9b6521198c4f31d3f9cb525e581bea8e3e77f0a2
+Conflict: NA
+---
+ scipy/ndimage/src/nd_image.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/scipy/ndimage/src/nd_image.c b/scipy/ndimage/src/nd_image.c
+index 8dfa21ea2..11d176a30 100644
+--- a/scipy/ndimage/src/nd_image.c
++++ b/scipy/ndimage/src/nd_image.c
+@@ -885,7 +885,7 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args)
+ npy_intp idx =
+ PyArray_NDIM(input) > 0 ? 2 * PyArray_NDIM(input) * ii : ii;
+ if (regions[idx] >= 0) {
+- PyObject *tuple = PyTuple_New(PyArray_NDIM(input));
++ tuple = PyTuple_New(PyArray_NDIM(input));
+ if (!tuple) {
+ PyErr_NoMemory();
+ goto exit;
+@@ -903,8 +903,8 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args)
+ PyErr_NoMemory();
+ goto exit;
+ }
+- Py_XDECREF(start);
+- Py_XDECREF(end);
++ Py_DECREF(start);
++ Py_DECREF(end);
+ start = end = NULL;
+ PyTuple_SetItem(tuple, jj, slc);
+ slc = NULL;
+--
+2.33.0
+
diff --git a/backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch b/backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch
new file mode 100644
index 0000000..93f1a73
--- /dev/null
+++ b/backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch
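Review bot: The `Py_XDECREF(start)`/`Py_XDECREF(end)` → `Py_DECREF(start)`/`Py_DECREF(end)` swap in the embedded @@ -903 hunk is only safe if the non-NULL check the upstream message relies on ("already checked higher up") is present in the scipy 1.6.2 tree this backport targets; the upstream commit was written against a 2022 tree, and that guard is outside both hunks, so "Conflict: NA" alone does not establish it. If 1.6.2's `Py_FindObjects` can reach this point with `start` or `end` NULL, `Py_DECREF` dereferences NULL where `Py_XDECREF` was a no-op. Worth confirming against the patched `scipy/ndimage/src/nd_image.c` before shipping, or keeping `Py_XDECREF(start); Py_XDECREF(end);` in the backport, since the leak fix is the `tuple` change in the @@ -885 hunk and does not depend on it. The enclosing function `Py_FindObjects` starts and ends outside the hunk.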
@@ -0,0 +1,31 @@
+From 133b92679ab23e0fa4a6f3b6e45f493312531024 Mon Sep 17 00:00:00 2001
+From: Ralf Gommers
+Date: Mon, 13 Jun 2022 20:20:06 +0200
+Subject: [PATCH] BUG: fix small refcount issue in `ndimage._ctest`
+
+Note that this is only test code, so it wasn't a real-world problem.
+
+Closes gh-16236
+
+Reference: https://github.com/scipy/scipy/pull/16397/commits/133b92679ab23e0fa4a6f3b6e45f493312531024
+Conflict: NA
+---
+ scipy/ndimage/src/_ctest.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/scipy/ndimage/src/_ctest.c b/scipy/ndimage/src/_ctest.c
+index fe8ce676e..f84ba064a 100644
+--- a/scipy/ndimage/src/_ctest.c
++++ b/scipy/ndimage/src/_ctest.c
+@@ -93,6 +93,8 @@ py_filter2d(PyObject *obj, PyObject *args)
+ goto error;
+ }
+ callback_data[i] = PyFloat_AsDouble(item);
++ Py_DECREF(item);
++ item = NULL;
+ if (PyErr_Occurred()) goto error;
+ }
+
+--
+2.33.0
+
diff --git a/scipy.spec b/scipy.spec
index 85dab02..e1281c7 100644
--- a/scipy.spec
+++ b/scipy.spec
@@ -2,12 +2,15 @@
 %global debug_package %{nil}
 Name: scipy
 Version: 1.6.2
-Release: 1
+Release: 2
 Summary: A Python-based ecosystem of open-source software for mathematics, science, and engineering
 License: Qhull and Apache-2.0
 URL: https://www.scipy.org
 Source0: https://github.com/scipy/scipy/releases/download/v%{version}/scipy-%{version}.tar.gz
+Patch1: backport-BUG-fix-a-minor-refcounting-issue-in-Py_FindObjects.patch
+Patch2: backport-BUG-fix-small-refcount-issue-in-ndimage._ctest.patch
+
 BuildRequires: python3-devel python3-numpy >= 1.8.2 python3-numpy-f2py
 BuildRequires: gcc-c++ openblas-devel gcc-gfortran chrpath
 BuildRequires: pybind11-devel python3-pybind11 python3-Cython
@@ -98,6 +101,9 @@ echo "%{_libdir}/%{name}" >> $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.c
 %config(noreplace) /etc/ld.so.conf.d/*
 %changelog
+* Thu Jul 13 2023 Wenyu Liu - 1.6.2-2
+- Fix CVE-2023-25399
+
 * Fri Dec 24 2021 zhouwenpei - 1.6.2-1
 - upgrade to 1.6.2
-- 
Gitee
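Review bot: `Patch1` and `Patch2` are declared in the @@ -2,12 hunk of scipy.spec, but nothing visible applies them: the `%prep` section lies outside both hunks, and if it uses plain `%setup -q` rather than `%autosetup -p1` or explicit `%patch1 -p1` / `%patch2 -p1` lines, the CVE-2023-25399 fix is advertised in `%changelog` but never compiled into the package. Please confirm that `%prep` applies declared patches, or add the `%patch` lines as part of this change so the declaration and the application land together. The changelog entry would also be more traceable if it named what was backported, e.g. `- Fix CVE-2023-25399 (refcounting in ndimage Py_FindObjects, backport of scipy PR 16397)`.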